RE: Bypass this javascript?

It's interesting that the username is directly followed by the password in the URL (not separated as get variables etc); this means that if the username would be "abc" and the password is "123" then you could enter "abc123" as the username and leave the password field blank and still get logged in...